[vpn-help] Problems with Shrewsoft VPN-Client / Access via UMTS surf stick

Johan Schröder mail at johnny.eu
Sat Oct 22 13:17:46 CDT 2011


Hello there,

I've got a connection problem using the Shrewsoft VPN client and a 
Netscreen 5GT using UMTS (surf stick, Vodafone Germany).

There is no connection problem in general (the VPN connection works 
without problems using DSL with different PCs), only when the client 
tries to establish a connection via UMTS (Vodafone Germany).

The client mailed me the log/trace of his Shrewsoft client. On the 
Netscreen (VPN gateway) there is no entry in the log, so I assume that 
the Shrewsoft client doesn't even reach the Netscreen. Can anybody 
help me with that, maybe with interpreting the following trace? Maybe 
it's a problem with Vodafone blocking the needed ports? Thanks!

In the following trace, I replaced the client IP address with 
xx.xx.xx.xx, the VPN Gateway IP address with yy.yy.yy.yy.

11/10/21 12:39:00 ## : IKE Daemon, ver 2.1.7
11/10/21 12:39:00 ## : Copyright 2010 Shrew Soft Inc.
11/10/21 12:39:00 ## : This product linked OpenSSL 0.9.8h 28 May 2008
11/10/21 12:39:00 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
11/10/21 12:39:00 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client/debug/dump-ike-decrypt.cap'
11/10/21 12:39:00 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client/debug/dump-ike-encrypt.cap'
11/10/21 12:39:00 ii : rebuilding vnet device list ...
11/10/21 12:39:00 ii : device ROOT\VNET\0000 disabled
11/10/21 12:39:00 ii : network process thread begin ...
11/10/21 12:39:00 ii : pfkey process thread begin ...
11/10/21 12:39:00 ii : ipc server process thread begin ...
11/10/21 12:43:32 ii : ipc client process thread begin ...
11/10/21 12:43:32 <A : peer config add message
11/10/21 12:43:32 DB : peer added ( obj count = 1 )
11/10/21 12:43:32 ii : local address xx.xx.xx.xx selected for peer
11/10/21 12:43:32 DB : tunnel added ( obj count = 1 )
11/10/21 12:43:32 <A : proposal config message
11/10/21 12:43:32 <A : proposal config message
11/10/21 12:43:32 <A : client config message
11/10/21 12:43:32 <A : xauth username message
11/10/21 12:43:32 <A : xauth password message
11/10/21 12:43:32 <A : local id 'vpn.domain.de' message
11/10/21 12:43:32 <A : remote id 'www.domain.de' message
11/10/21 12:43:32 <A : preshared key message
11/10/21 12:43:32 <A : remote resource message
11/10/21 12:43:32 <A : peer tunnel enable message
11/10/21 12:43:32 DB : new phase1 ( ISAKMP initiator )
11/10/21 12:43:32 DB : exchange type is aggressive
11/10/21 12:43:32 DB : xx.xx.xx.xx:500 <-> yy.yy.yy.yy:500
11/10/21 12:43:32 DB : 39b7d8b3d4eac6aa:0000000000000000
11/10/21 12:43:32 DB : phase1 added ( obj count = 1 )
11/10/21 12:43:32 >> : security association payload
11/10/21 12:43:32 >> : - proposal #1 payload
11/10/21 12:43:32 >> : -- transform #1 payload
11/10/21 12:43:32 >> : -- transform #2 payload
11/10/21 12:43:32 >> : -- transform #3 payload
11/10/21 12:43:32 >> : -- transform #4 payload
11/10/21 12:43:32 >> : -- transform #5 payload
11/10/21 12:43:32 >> : -- transform #6 payload
11/10/21 12:43:32 >> : -- transform #7 payload
11/10/21 12:43:32 >> : -- transform #8 payload
11/10/21 12:43:32 >> : -- transform #9 payload
11/10/21 12:43:32 >> : -- transform #10 payload
11/10/21 12:43:32 >> : -- transform #11 payload
11/10/21 12:43:32 >> : -- transform #12 payload
11/10/21 12:43:32 >> : -- transform #13 payload
11/10/21 12:43:32 >> : -- transform #14 payload
11/10/21 12:43:32 >> : -- transform #15 payload
11/10/21 12:43:32 >> : -- transform #16 payload
11/10/21 12:43:32 >> : -- transform #17 payload
11/10/21 12:43:32 >> : -- transform #18 payload
11/10/21 12:43:32 >> : key exchange payload
11/10/21 12:43:32 >> : nonce payload
11/10/21 12:43:32 >> : identification payload
11/10/21 12:43:32 >> : vendor id payload
11/10/21 12:43:32 ii : local supports XAUTH
11/10/21 12:43:32 >> : vendor id payload
11/10/21 12:43:32 ii : local supports nat-t ( draft v00 )
11/10/21 12:43:32 >> : vendor id payload
11/10/21 12:43:32 ii : local supports nat-t ( draft v01 )
11/10/21 12:43:32 >> : vendor id payload
11/10/21 12:43:32 ii : local supports nat-t ( draft v02 )
11/10/21 12:43:32 >> : vendor id payload
11/10/21 12:43:32 ii : local supports nat-t ( draft v03 )
11/10/21 12:43:32 >> : vendor id payload
11/10/21 12:43:32 ii : local supports nat-t ( rfc )
11/10/21 12:43:32 >> : vendor id payload
11/10/21 12:43:32 ii : local supports FRAGMENTATION
11/10/21 12:43:32 >> : vendor id payload
11/10/21 12:43:32 ii : local supports DPDv1
11/10/21 12:43:32 >> : vendor id payload
11/10/21 12:43:32 ii : local is SHREW SOFT compatible
11/10/21 12:43:32 >> : vendor id payload
11/10/21 12:43:32 ii : local is NETSCREEN compatible
11/10/21 12:43:32 >> : vendor id payload
11/10/21 12:43:32 ii : local is SIDEWINDER compatible
11/10/21 12:43:32 >> : vendor id payload
11/10/21 12:43:32 ii : local is CISCO UNITY compatible
11/10/21 12:43:32 >= : cookies 39b7d8b3d4eac6aa:0000000000000000
11/10/21 12:43:32 >= : message 00000000
11/10/21 12:43:32 -> : send IKE packet xx.xx.xx.xx:500 ->
yy.yy.yy.yy:500 ( 1190 bytes )
11/10/21 12:43:32 DB : phase1 resend event scheduled ( ref count = 2 )
11/10/21 12:43:37 -> : resend 1 phase1 packet(s) xx.xx.xx.xx:500 ->
yy.yy.yy.yy:500
11/10/21 12:43:42 -> : resend 1 phase1 packet(s) xx.xx.xx.xx:500 ->
yy.yy.yy.yy:500
11/10/21 12:43:47 -> : resend 1 phase1 packet(s) xx.xx.xx.xx:500 ->
yy.yy.yy.yy:500
11/10/21 12:43:52 ii : resend limit exceeded for phase1 exchange
11/10/21 12:43:52 ii : phase1 removal before expire time
11/10/21 12:43:52 DB : phase1 deleted ( obj count = 0 )
11/10/21 12:43:52 DB : policy not found
11/10/21 12:43:52 DB : policy not found
11/10/21 12:43:52 DB : policy not found
11/10/21 12:43:52 DB : policy not found
11/10/21 12:43:52 DB : policy not found
11/10/21 12:43:52 DB : policy not found
11/10/21 12:43:52 DB : tunnel stats event canceled ( ref count = 1 )
11/10/21 12:43:52 DB : removing tunnel config references
11/10/21 12:43:52 DB : removing tunnel phase2 references
11/10/21 12:43:52 DB : removing tunnel phase1 references
11/10/21 12:43:52 DB : tunnel deleted ( obj count = 0 )
11/10/21 12:43:52 DB : removing all peer tunnel refrences
11/10/21 12:43:52 DB : peer deleted ( obj count = 0 )
11/10/21 12:43:52 ii : ipc client process thread exit ...
11/10/21 12:55:34 ii : ipc client process thread begin ...
11/10/21 12:55:34 <A : peer config add message
11/10/21 12:55:34 DB : peer added ( obj count = 1 )
11/10/21 12:55:34 ii : local address xx.xx.xx.xx selected for peer
11/10/21 12:55:34 DB : tunnel added ( obj count = 1 )
11/10/21 12:55:34 <A : proposal config message
11/10/21 12:55:34 <A : proposal config message
11/10/21 12:55:34 <A : client config message
11/10/21 12:55:34 <A : xauth username message
11/10/21 12:55:34 <A : xauth password message
11/10/21 12:55:34 <A : local id 'vpn.domain.de' message
11/10/21 12:55:34 <A : remote id 'www.domain.de' message
11/10/21 12:55:34 <A : preshared key message
11/10/21 12:55:34 <A : remote resource message
11/10/21 12:55:34 <A : peer tunnel enable message
11/10/21 12:55:34 DB : new phase1 ( ISAKMP initiator )
11/10/21 12:55:34 DB : exchange type is aggressive
11/10/21 12:55:34 DB : xx.xx.xx.xx:500 <-> yy.yy.yy.yy:500
11/10/21 12:55:34 DB : 332af56d5afb57b5:0000000000000000
11/10/21 12:55:34 DB : phase1 added ( obj count = 1 )
11/10/21 12:55:34 >> : security association payload
11/10/21 12:55:34 >> : - proposal #1 payload
11/10/21 12:55:34 >> : -- transform #1 payload
11/10/21 12:55:34 >> : -- transform #2 payload
11/10/21 12:55:34 >> : -- transform #3 payload
11/10/21 12:55:34 >> : -- transform #4 payload
11/10/21 12:55:34 >> : -- transform #5 payload
11/10/21 12:55:34 >> : -- transform #6 payload
11/10/21 12:55:34 >> : -- transform #7 payload
11/10/21 12:55:34 >> : -- transform #8 payload
11/10/21 12:55:34 >> : -- transform #9 payload
11/10/21 12:55:34 >> : -- transform #10 payload
11/10/21 12:55:34 >> : -- transform #11 payload
11/10/21 12:55:34 >> : -- transform #12 payload
11/10/21 12:55:34 >> : -- transform #13 payload
11/10/21 12:55:34 >> : -- transform #14 payload
11/10/21 12:55:34 >> : -- transform #15 payload
11/10/21 12:55:34 >> : -- transform #16 payload
11/10/21 12:55:34 >> : -- transform #17 payload
11/10/21 12:55:34 >> : -- transform #18 payload
11/10/21 12:55:34 >> : key exchange payload
11/10/21 12:55:34 >> : nonce payload
11/10/21 12:55:34 >> : identification payload
11/10/21 12:55:34 >> : vendor id payload
11/10/21 12:55:34 ii : local supports XAUTH
11/10/21 12:55:34 >> : vendor id payload
11/10/21 12:55:34 ii : local supports nat-t ( draft v00 )
11/10/21 12:55:34 >> : vendor id payload
11/10/21 12:55:34 ii : local supports nat-t ( draft v01 )
11/10/21 12:55:34 >> : vendor id payload
11/10/21 12:55:34 ii : local supports nat-t ( draft v02 )
11/10/21 12:55:34 >> : vendor id payload
11/10/21 12:55:34 ii : local supports nat-t ( draft v03 )
11/10/21 12:55:34 >> : vendor id payload
11/10/21 12:55:34 ii : local supports nat-t ( rfc )
11/10/21 12:55:34 >> : vendor id payload
11/10/21 12:55:34 ii : local supports FRAGMENTATION
11/10/21 12:55:34 >> : vendor id payload
11/10/21 12:55:34 ii : local supports DPDv1
11/10/21 12:55:34 >> : vendor id payload
11/10/21 12:55:34 ii : local is SHREW SOFT compatible
11/10/21 12:55:34 >> : vendor id payload
11/10/21 12:55:34 ii : local is NETSCREEN compatible
11/10/21 12:55:34 >> : vendor id payload
11/10/21 12:55:34 ii : local is SIDEWINDER compatible
11/10/21 12:55:34 >> : vendor id payload
11/10/21 12:55:34 ii : local is CISCO UNITY compatible
11/10/21 12:55:34 >= : cookies 332af56d5afb57b5:0000000000000000
11/10/21 12:55:34 >= : message 00000000
11/10/21 12:55:34 -> : send IKE packet xx.xx.xx.xx:500 ->
yy.yy.yy.yy:500 ( 1190 bytes )
11/10/21 12:55:34 DB : phase1 resend event scheduled ( ref count = 2 )
11/10/21 12:55:39 -> : resend 1 phase1 packet(s) xx.xx.xx.xx:500 ->
yy.yy.yy.yy:500
11/10/21 12:55:44 -> : resend 1 phase1 packet(s) xx.xx.xx.xx:500 ->
yy.yy.yy.yy:500
11/10/21 12:55:49 -> : resend 1 phase1 packet(s) xx.xx.xx.xx:500 ->
yy.yy.yy.yy:500
11/10/21 12:55:54 ii : resend limit exceeded for phase1 exchange
11/10/21 12:55:54 ii : phase1 removal before expire time
11/10/21 12:55:54 DB : phase1 deleted ( obj count = 0 )
11/10/21 12:55:54 DB : policy not found
11/10/21 12:55:54 DB : policy not found
11/10/21 12:55:54 DB : policy not found
11/10/21 12:55:54 DB : policy not found
11/10/21 12:55:54 DB : policy not found
11/10/21 12:55:54 DB : policy not found
11/10/21 12:55:54 DB : tunnel stats event canceled ( ref count = 1 )
11/10/21 12:55:54 DB : removing tunnel config references
11/10/21 12:55:54 DB : removing tunnel phase2 references
11/10/21 12:55:54 DB : removing tunnel phase1 references
11/10/21 12:55:54 DB : tunnel deleted ( obj count = 0 )
11/10/21 12:55:54 DB : removing all peer tunnel refrences
11/10/21 12:55:54 DB : peer deleted ( obj count = 0 )
11/10/21 12:55:54 ii : ipc client process thread exit ..
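
One way to summarize a trace like the one above, as an added example that is not part of the original post or of Shrew Soft's code: it counts sends, resends and inbound packets per phase1 attempt. The sample is constructed from lines of the first attempt with wrapped lines rejoined; treating a `<-` tag as an inbound packet is an assumption about the log format.

```python
import re
from datetime import datetime

# Constructed sample: lines taken from the first attempt in the post,
# wrapped lines rejoined, repeated payload lines left out.
SAMPLE = """\
11/10/21 12:43:32 DB : new phase1 ( ISAKMP initiator )
11/10/21 12:43:32 DB : exchange type is aggressive
11/10/21 12:43:32 >= : cookies 39b7d8b3d4eac6aa:0000000000000000
11/10/21 12:43:32 -> : send IKE packet xx.xx.xx.xx:500 -> yy.yy.yy.yy:500 ( 1190 bytes )
11/10/21 12:43:37 -> : resend 1 phase1 packet(s) xx.xx.xx.xx:500 -> yy.yy.yy.yy:500
11/10/21 12:43:42 -> : resend 1 phase1 packet(s) xx.xx.xx.xx:500 -> yy.yy.yy.yy:500
11/10/21 12:43:47 -> : resend 1 phase1 packet(s) xx.xx.xx.xx:500 -> yy.yy.yy.yy:500
11/10/21 12:43:52 ii : resend limit exceeded for phase1 exchange
11/10/21 12:43:52 DB : phase1 deleted ( obj count = 0 )
"""

LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")
FMT = "%y/%m/%d %H:%M:%S"  # the trace writes dates as yy/mm/dd

def summarize_phase1(log_text):
    """Return one summary dict per phase1 attempt found in an iked trace."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines carry no timestamp
        ts, tag, msg = m.groups()
        if msg.startswith("new phase1"):
            cur = {"start": datetime.strptime(ts, FMT), "sent": 0, "resent": 0,
                   "received": 0, "bytes": None, "timed_out": False,
                   "waited_s": None}
            attempts.append(cur)
        elif cur is None:
            continue  # daemon start-up lines before the first attempt
        elif tag == "->" and msg.startswith("send IKE packet"):
            cur["sent"] += 1
            size = re.search(r"\( (\d+) bytes \)", msg)
            cur["bytes"] = int(size.group(1)) if size else None
        elif tag == "->" and msg.startswith("resend"):
            cur["resent"] += 1
        elif tag == "<-":  # assumption: inbound packets carry the "<-" tag
            cur["received"] += 1
        elif msg.startswith("resend limit exceeded"):
            cur["timed_out"] = True
            waited = datetime.strptime(ts, FMT) - cur["start"]
            cur["waited_s"] = int(waited.total_seconds())
    return attempts
```

For the sample this yields one send of 1190 bytes, three resends, zero inbound packets and a timeout after 20 seconds, which matches a first packet on UDP 500 that never draws a reply.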


